The article provides a detailed insight into legal and organizational aspects of new obligations to report critical incidents in the field of security of network and information systems in the EU (NIS Directive).